159 matches found
EUVD-2026-35898
Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....
PT-2026-48317
Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/tls: The use-after-free issue in the -EBUSY error handling path of tls_do_encryption has been fixed. The -EBUSY handling in tls_do_encryption, introduced with commit 859054147318 “net: tls: handle backlogging of crypto requests”,...
SUSE CVE-2026-31533
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption, introduced by commit 859054147318 "net: tls: handle backlogging of crypto requests", has a use-after-free due to double...
EUVD-2026-25249
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption, introduced by commit 859054147318 "net: tls: handle backlogging of crypto requests", has a use-after-free due to double...
CVE-2026-31533
The CVE-2026-31533 entry concerns a Linux kernel net/tls use-after-free in tls_do_encryption() when crypto_aead_encrypt() returns -EBUSY. The underlying issue is double cleanup of encrypt_pending and the scatterlist entry due to distinct cleanup paths (async callback tls_encrypt_done() vs synchro...
MiracleLinux 7 : ipa-4.4.0-14.6.0.1.el7.AXS7 (AXSA:2017-1334:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1334:03 advisory. IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control,...
EUVD-2012-4855
Malware in sbrugna...
EUVD-2019-10240
Malware in sbrugna...
EUVD-2019-18400
Malware in sbrugna...
EUVD-2024-54684
Malicious code in bioql PyPI...
EUVD-2025-16874
Malicious code in bioql PyPI...
EUVD-2022-24822
Malicious code in bioql PyPI...
EUVD-2024-3603
Malicious code in bioql PyPI...
EUVD-2021-29005
Malicious code in bioql PyPI...
EUVD-2021-27544
Malicious code in bioql PyPI...
CVE-2024-38823
Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport...
CVE-2024-38823
CVE-2024-38823: Salt’s request server is vulnerable to replay attacks when not using TLS. The initial description confirms the vulnerability and CVSS v3.1 base score of 2.7 (LOW) with network attack vector, requiring high privileges and no user interaction. Connected documents (SUSE advisories) i...
CVE-2024-38823 CVE-2024-38823 Salt Advisory
Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport...